Losing data that you are responsible for can be far more than an inconvenience: it can cost you your job or could even bring legal consequences. In today's cloud-enabled environments, we still find scenarios that require us to physically hold data on media, so how best to secure these physical devices will continue to be an important question. We are starting a series of product reviews specific to USB flash drives (or USB thumb drives, if you prefer) that offer built-in hardware encryption. If the worst-case scenario happens, where the drive is lost or stolen, at least your data will be protected (hopefully!).
3 Flavors Available
The Kingston Digital 64GB Data Traveler AES Encrypted Vault Privacy 256Bit 3.0 USB Flash Drive (DTVP30/64GB) is one of several encrypted USB flash drives intended primarily for personal use. It can be used for business purposes, but if you are looking for features such as enterprise management and control of the device, you won’t find them with the “Vault Privacy” version of this product. Slightly different models support both antivirus and managed solutions if you require those options:
The major question to ask regarding any encrypted storage device, or any encryption in general, is what cipher is in use. In this case, it is AES-256. AES is a fairly strong cipher, especially with a 256-bit key. AES can operate in multiple modes. Cipher Block Chaining (CBC) is one of the best-known modes of AES operation. However, the Data Traveler uses XTS (XEX-based tweaked-codebook mode with ciphertext stealing). XTS mode was standardized fairly recently: IEEE standardized it in 2007 and NIST released Special Publication 800-38E in 2010, so there have only been a few years of wide standard use to evaluate its strength. The original goal of XTS mode was to increase the security level of AES-CBC by trying to prevent side channel attacks. There are still a few open discussions regarding the security of XTS mode, but it appears to be fairly secure.
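The following is an added example, not code from the original review or from Kingston: a sketch of how AES-256 in XTS mode behaves on disk sectors, using the Python `cryptography` package (assumed to be installed). The key, the 512-byte sector size, and the use of the sector number as the tweak are constructed assumptions for illustration, not details of the drive's firmware.

```python
# Added illustration: AES-256-XTS over constructed 512-byte "sectors".
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

SECTOR_SIZE = 512          # assumed sector size
KEY = bytes(range(64))     # constructed 512-bit XTS key (two distinct 256-bit AES keys)

def _cipher(sector_number):
    # The 16-byte tweak binds ciphertext to its position; here it is the sector number.
    tweak = sector_number.to_bytes(16, "little")
    return Cipher(algorithms.AES(KEY), modes.XTS(tweak))

def encrypt_sector(sector_number, plaintext):
    enc = _cipher(sector_number).encryptor()
    return enc.update(plaintext) + enc.finalize()

def decrypt_sector(sector_number, ciphertext):
    dec = _cipher(sector_number).decryptor()
    return dec.update(ciphertext) + dec.finalize()

def blocks(data):
    # Split data into 16-byte AES blocks.
    return [data[i:i + 16] for i in range(0, len(data), 16)]

def demo():
    sector = b"A" * SECTOR_SIZE            # constructed plaintext: 32 identical blocks
    c7, c8 = encrypt_sector(7, sector), encrypt_sector(8, sector)
    # Flip one bit in ciphertext block 3 to model on-media corruption or tampering.
    tampered = bytearray(c7)
    tampered[3 * 16] ^= 0x01
    recovered = decrypt_sector(7, bytes(tampered))   # no error: XTS has no integrity tag
    damaged = [i for i, (a, b) in enumerate(zip(blocks(sector), blocks(recovered))) if a != b]
    return {
        "roundtrip_ok": decrypt_sector(7, c7) == sector,
        "same_data_differs_by_sector": c7 != c8,
        "unique_blocks_in_sector": len(set(blocks(c7))),
        "rewrite_is_deterministic": encrypt_sector(7, sector) == c7,
        "damaged_blocks": damaged,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The tweak hides repeated data across and within sectors, but writing the same data to the same sector always yields the same ciphertext, and modified ciphertext decrypts without error. XTS therefore protects the confidentiality of a lost drive but does not by itself detect tampering.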
FIPS Certification and TAA compliance
Many customers in the market for an encrypted USB flash drive are looking to comply with regulations or requirements. Frequently, one of the requirements is a FIPS certification. The Kingston Data Traveler is certified with FIPS 197, which primarily looks at the hardware encryption algorithms in use on the device. A more recent FIPS standard (140-2) is quickly becoming the de facto certification standard for devices such as encrypted USB flash drives. FIPS 140-2 (level 3) provides a more robust certification method that takes into account additional factors besides simple hardware encryption algorithms. It also ensures that the circuits themselves are tamperproof, or at least prove that tampering occurred. If your requirements include FIPS 140-2 (level 3), then the Vault Privacy model is not for you. However, you might want to consider the 4000 G2 as another option. The Vault Privacy is TAA compliant, which is an increasingly important caveat in many organizations.
Speed and Performance
The USB 3.0 interface allows for a much faster transfer of information to and from the device. The older USB 2.0 standard allowed for a maximum of 60MBytes/second. The USB 3.0 standard can theoretically transfer at much higher data rates, close to 600MBytes/sec.
Considering that some USB flash drives are now capable of storing 512GB or higher, the maximum 64GB of storage on the Vault Privacy seems less than ideal. There are cases where the size of a single file could exceed 64GB. The IronKey S1000, at 128GB and with similar security features, can store twice the amount of data, but at quite an increase in price. Encrypted Solid State Drives (SSDs) might be another option if you require additional storage.
One of the greatest strengths of the Vault Privacy is the price. As of October 2016, the 64GB version is selling for $151 on Amazon.com. Overall, this is significantly higher than the price of an unsecured, unencrypted USB flash drive, but not an outrageous price by any means. The extra built-in security warrants the price premium.
The Vault Privacy is a great encrypted flash drive for personal use and for small business use. It is lacking in storage capacity, but can easily meet the needs of most standard users.